fix: Revert broken params in remaining controllers/models, fix seed IDs

Complete the revert of the unsupported params={} syntax across all
remaining controllers (AuthController, BookmarkController,
ReadingHistoryController, RolesController, NewsletterController) and
models (LoginAttempt, PasswordReset, RememberToken, Log).

Also add migration to re-insert post_statuses and post_types with
explicit sequential IDs matching blogStatuses(), fixing the
CockroachDB unique_rowid() mismatch that broke PostStatus JOINs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: bpamiri

app/controllers/admin/NewsletterController.cfc

@@ -202,7 +202,7 @@ component extends="app.Controllers.Controller" {
             );
 
             if (type == "user") {
-                var user = model("User").findOne(where="email = :email", params={email={value=email, cfsqltype="cf_sql_varchar"}});
+                var user = model("User").findOne(where="email = '#email#'");
                 if (isObject(user)) {
                     user.update(newsletter=false);
                     model("Log").log(
@@ -227,7 +227,7 @@ component extends="app.Controllers.Controller" {
                     };
                 }
             } else {
-                var subscriber = model("NewsletterSubscriber").findOne(where="email = :email", params={email={value=email, cfsqltype="cf_sql_varchar"}});
+                var subscriber = model("NewsletterSubscriber").findOne(where="email = '#email#'");
                 if (isObject(subscriber)) {
                     subscriber.update(status="inactive");
                     model("Log").log(
@@ -371,8 +371,7 @@ component extends="app.Controllers.Controller" {
             // Search in users table
             var searchPattern = "%" & searchTerm & "%";
             var userSubscribers = model("User").findAll(
-                where="newsletter = 1 AND (email LIKE :term OR firstname LIKE :term OR lastname LIKE :term)",
-                params={term={value=searchPattern, cfsqltype="cf_sql_varchar"}}
+                where="newsletter = 1 AND (email LIKE '#searchPattern#' OR firstname LIKE '#searchPattern#' OR lastname LIKE '#searchPattern#')"
             );
             for (var user in userSubscribers) {
                 subscribers.append({
@@ -385,8 +384,7 @@ component extends="app.Controllers.Controller" {
 
             // Search in newsletter_subscribers table
             var nonUserSubscribers = model("NewsletterSubscriber").findAll(
-                where="email LIKE :term",
-                params={term={value=searchPattern, cfsqltype="cf_sql_varchar"}}
+                where="email LIKE '#searchPattern#'"
             );
             for (var subscriber in nonUserSubscribers) {
                 subscribers.append({

app/controllers/admin/RolesController.cfc

@@ -18,7 +18,7 @@ component extends="app.Controllers.Controller" {
         if(id > 0) {
             role = model("role").findByKey(params.id);
             permissions = model("permission").findAll();
-            activePermission = model("RolePermission").findAll(select="permissionId", where="roleId = :roleId", params={roleId={value=val(params.id), cfsqltype="cf_sql_integer"}});
+            activePermission = model("RolePermission").findAll(select="permissionId", where="roleId = #val(params.id)#");
             existingPermissionIds = [];
             for (row in activePermission) {
                 arrayAppend(existingPermissionIds, row.permissionId);
@@ -32,7 +32,7 @@ component extends="app.Controllers.Controller" {
     }
 
     function checkRoleExistance(){
-        var checkExistingRole = model("Role").findAll(where="name = :name", params={name={value=params.Name, cfsqltype="cf_sql_varchar"}});
+        var checkExistingRole = model("Role").findAll(where="name = '#params.Name#'");
         if(checkExistingRole.recordcount != 0){
             renderText('<p class="fs-12 ms-2">A role already exist with this name! Role name must be unique.');
             return;
@@ -43,7 +43,7 @@ component extends="app.Controllers.Controller" {
 
     function store(){
         try {
-            var checkExistingRole = model("Role").findAll(where="name = :name", params={name={value=params.Name, cfsqltype="cf_sql_varchar"}});
+            var checkExistingRole = model("Role").findAll(where="name = '#params.Name#'");
             if(checkExistingRole.recordcount != 0 && params.id == 0){
                 redirectTo(action="index", error="A role already exist with name' #params.Name#'. Role name must be unique.");
                 return;
@@ -85,7 +85,7 @@ component extends="app.Controllers.Controller" {
 
                     // Update role permissions
                     permissionList = [];
-                    model("RolePermission").deleteAll(where="roleId = :roleId", params={roleId={value=val(RoleData.id), cfsqltype="cf_sql_integer"}});
+                    model("RolePermission").deleteAll(where="roleId = #val(RoleData.id)#");
                     for (fieldName in RoleData) {
                         if (left(fieldName, 11) == "permission-") {
                             // Extract the numeric part after the dash

app/controllers/web/AuthController.cfc

@@ -53,7 +53,7 @@ component extends="app.Controllers.Controller" {
                 }
             );
             // Check if user exists first (regardless of status)
-            var existingUser = model("User").findOne(where="email = :email", params={email={value=params.email, cfsqltype="cf_sql_varchar"}}, include="Role");
+            var existingUser = model("User").findOne(where="email = '#params.email#'", include="Role");
 
             // If user doesn't exist, send registration invitation but return generic message
             if (!isObject(existingUser)) {
@@ -81,7 +81,7 @@ component extends="app.Controllers.Controller" {
             // Check if user is locked out
             if (model("LoginAttempt").isUserLocked(params.email)) {
                 // Check if it's a manual lock by admin
-                var user = model("User").findOne(where="email = :email", params={email={value=params.email, cfsqltype="cf_sql_varchar"}});
+                var user = model("User").findOne(where="email = '#params.email#'");
                 var isManuallyLocked = isObject(user) && structKeyExists(user, "locked") && user.locked;
 
                 model("Log").log(
@@ -303,7 +303,7 @@ component extends="app.Controllers.Controller" {
 
             // Check if user needs to submit testimonial
             if (isObject(user.role) && user.role.name != 'Admin') {
-                var testimonial = model("Testimonial").findOne(where="userId = :userId", params={userId={value=val(user.id), cfsqltype="cf_sql_integer"}});
+                var testimonial = model("Testimonial").findOne(where="userId = #val(user.id)#");
 
                 model("Log").log(
                     category = "wheels.auth",
@@ -369,7 +369,7 @@ component extends="app.Controllers.Controller" {
                 if (structKeyExists(cookie, "remember_me")) {
                     var rawToken = cookie.remember_me;
                     var hashedToken = hash(rawToken, "SHA-256");
-                    var rememberToken = model("RememberToken").findOne(where="token = :token", params={token={value=hashedToken, cfsqltype="cf_sql_varchar"}});
+                    var rememberToken = model("RememberToken").findOne(where="token = '#hashedToken#'");
                     if (isObject(rememberToken)) {
                         rememberToken.delete();
                     }
@@ -451,7 +451,7 @@ component extends="app.Controllers.Controller" {
                 return;
             }
             // Check for duplicate email before calling saveUser
-            var existingUser = model("User").findFirst(where="email = :email", params={email={value=params.email, cfsqltype="cf_sql_varchar"}});
+            var existingUser = model("User").findFirst(where="email = '#params.email#'");
             if (isObject(existingUser)) {
                 renderText("<p style='color:red;'>An account with this email address already exists.</p>");
                 return;
@@ -608,7 +608,7 @@ component extends="app.Controllers.Controller" {
     }
 
     private function validateCredentials(required string email, required string password) {
-        var user = model("User").findOne(where="email = :email AND status = 'True'", params={email={value=email, cfsqltype="cf_sql_varchar"}}, include="Role");
+        var user = model("User").findOne(where="email = '#email#' AND status = 'True'", include="Role");
         if (!isObject(user)) {
             return false; // User not found
         }
@@ -749,7 +749,7 @@ component extends="app.Controllers.Controller" {
             // Skip email sending in test mode
             return true;
         }
-        var user = model("User").findOne(where="email = :email", params={email={value=email, cfsqltype="cf_sql_varchar"}});
+        var user = model("User").findOne(where="email = '#email#'");
         if (!isObject(user)) return false;
         var verifyUrl = urlFor(action="verify", onlyPath=false) & "?token=" & token;
         return sendTemplateEmail("Sign Up Account Verification", user.email, user.fullname, verifyUrl);
@@ -791,7 +791,7 @@ component extends="app.Controllers.Controller" {
 
         try {
             // Check if user already has a verification token
-            var existingToken = model("UserToken").findOne(where="user_id = :userId AND status = 'false'", params={userId={value=val(user.id), cfsqltype="cf_sql_integer"}});
+            var existingToken = model("UserToken").findOne(where="user_id = #val(user.id)# AND status = 'false'");
 
             if (!isObject(existingToken)) {
                 // Generate a new verification token
@@ -828,7 +828,7 @@ component extends="app.Controllers.Controller" {
 
     private function verifyToken(required string token) {
         var message="";
-        var tokenRecord = model("UserToken").findOne(where="token = :token", params={token={value=token, cfsqltype="cf_sql_varchar"}});
+        var tokenRecord = model("UserToken").findOne(where="token = '#token#'");
 
         if (isObject(tokenRecord)) {
             // Check if token has expired
@@ -854,7 +854,7 @@ component extends="app.Controllers.Controller" {
     }
 
     private boolean function isRateLimited(required string ipAddress) {
-        var attempts = model("LoginAttempt").findAll(where="ip_address = :ipAddress AND created_at > :cutoff", params={ipAddress={value=ipAddress, cfsqltype="cf_sql_varchar"}, cutoff={value=dateTimeFormat(dateAdd("n", -15, now()), "yyyy-MM-dd HH:nn:ss"), cfsqltype="cf_sql_timestamp"}});
+        var attempts = model("LoginAttempt").findAll(where="ip_address = '#ipAddress#' AND created_at > '#dateTimeFormat(dateAdd("n", -15, now()), "yyyy-MM-dd HH:nn:ss")#'");
         return attempts.recordCount >= 3;
     }
 
@@ -919,7 +919,7 @@ component extends="app.Controllers.Controller" {
         param name="params.email" default="";
 
         try {
-            var user = model("User").findOne(where="email = :email", params={email={value=params.email, cfsqltype="cf_sql_varchar"}});
+            var user = model("User").findOne(where="email = '#params.email#'");
 
             if (isObject(user)) {
                 // Generate reset token
@@ -971,8 +971,7 @@ component extends="app.Controllers.Controller" {
 
         try {
             var reset = model("PasswordReset").findOne(
-                where="token = :token AND expiresAt > :now AND used = 0",
-                params={token={value=params.token, cfsqltype="cf_sql_varchar"}, now={value=dateTimeFormat(now(), "yyyy-MM-dd HH:nn:ss"), cfsqltype="cf_sql_timestamp"}}
+                where="token = '#params.token#' AND expiresAt > '#dateTimeFormat(now(), "yyyy-MM-dd HH:nn:ss")#' AND used = 0"
             );
 
             if (!isObject(reset)) {
@@ -1005,8 +1004,7 @@ component extends="app.Controllers.Controller" {
         try {
             // Validate token
             var reset = model("PasswordReset").findOne(
-                where="token = :token AND expiresAt > :now AND used = 0",
-                params={token={value=params.token, cfsqltype="cf_sql_varchar"}, now={value=dateTimeFormat(now(), "yyyy-MM-dd HH:nn:ss"), cfsqltype="cf_sql_timestamp"}}
+                where="token = '#params.token#' AND expiresAt > '#dateTimeFormat(now(), "yyyy-MM-dd HH:nn:ss")#' AND used = 0"
             );
 
             if (!isObject(reset)) {

app/controllers/web/BookmarkController.cfc

@@ -20,11 +20,7 @@ component extends="app.Controllers.Controller" {
 
 		// Find bookmark
 		bookmark = model("Bookmark").findOne(
-			where="userId = :userId AND blogId = :blogId",
-			params={
-				userId={value=val(session.userID), cfsqltype="cf_sql_integer"},
-				blogId={value=val(params.blogId), cfsqltype="cf_sql_integer"}
-			}
+			where="userId = #val(session.userID)# AND blogId = #val(params.blogId)#"
 		);
 
 		if (IsObject(bookmark)) {
@@ -39,11 +35,7 @@ component extends="app.Controllers.Controller" {
 		} else {
 			// Check if a soft-deleted bookmark exists
 			deletedBookmark = model("Bookmark").findOne(
-				where="userId = :userId AND blogId = :blogId",
-				params={
-					userId={value=val(session.userID), cfsqltype="cf_sql_integer"},
-					blogId={value=val(params.blogId), cfsqltype="cf_sql_integer"}
-				},
+				where="userId = #val(session.userID)# AND blogId = #val(params.blogId)#",
 				includeSoftDeletes=true
 			);
 
@@ -86,8 +78,7 @@ component extends="app.Controllers.Controller" {
 
 		bookmarks = model("Bookmark")
 			.findAll(
-				where="userId = :userId",
-				params={userId={value=val(session.userID), cfsqltype="cf_sql_integer"}},
+				where="userId = #val(session.userID)#",
 				include="Blog",
 				order="createdAt DESC",
 				perPage=20,
@@ -106,16 +97,13 @@ component extends="app.Controllers.Controller" {
 			params.page = 1;
 		}
 
-		var whereClause = "userId = :userId";
-		var queryParams = {userId={value=val(session.userID), cfsqltype="cf_sql_integer"}};
+		var whereClause = "userId = #val(session.userID)#";
 		if (StructKeyExists(params, "searchTerm") && params.searchTerm != "") {
-			whereClause &= " AND Blog.title LIKE :searchTerm";
-			queryParams.searchTerm = {value="%" & params.searchTerm & "%", cfsqltype="cf_sql_varchar"};
+			whereClause &= " AND Blog.title LIKE '%#params.searchTerm#%'";
 		}
 
 		bookmarks = model("Bookmark").findAll(
 			where=whereClause,
-			params=queryParams,
 			include="Blog",
 			order="createdAt DESC",
 			perPage=20,

app/controllers/web/ReadingHistoryController.cfc

@@ -18,12 +18,9 @@ component extends="app.Controllers.Controller" {
 			params.page = 1;
 		}
 
-		var userIdParam = {userId={value=val(session.userID), cfsqltype="cf_sql_integer"}};
-
 		histories = model("ReadingHistory")
 			.findAll(
-				where="userId = :userId",
-				params=userIdParam,
+				where="userId = #val(session.userID)#",
 				include="Blog",
 				order="lastReadAt DESC",
 				perPage=20,
@@ -32,8 +29,7 @@ component extends="app.Controllers.Controller" {
 
 		bookmarks = model("Bookmark")
 			.findAll(
-				where="userId = :userId",
-				params=userIdParam,
+				where="userId = #val(session.userID)#",
 				include="Blog",
 				order="createdAt DESC"
 			);
@@ -51,11 +47,7 @@ component extends="app.Controllers.Controller" {
 		}
 
 		history = model("ReadingHistory").findOne(
-			where="userId = :userId AND blogId = :blogId",
-			params={
-				userId={value=val(session.userID), cfsqltype="cf_sql_integer"},
-				blogId={value=val(params.blogId), cfsqltype="cf_sql_integer"}
-			}
+			where="userId = #val(session.userID)# AND blogId = #val(params.blogId)#"
 		);
 
 		if (IsObject(history)) {
@@ -87,11 +79,7 @@ component extends="app.Controllers.Controller" {
 		}
 
 		history = model("ReadingHistory").findOne(
-			where="userId = :userId AND blogId = :blogId",
-			params={
-				userId={value=val(session.userID), cfsqltype="cf_sql_integer"},
-				blogId={value=val(params.blogId), cfsqltype="cf_sql_integer"}
-			}
+			where="userId = #val(session.userID)# AND blogId = #val(params.blogId)#"
 		);
 
 		if (IsObject(history)) {
@@ -113,8 +101,7 @@ component extends="app.Controllers.Controller" {
 		}
 
 		model("ReadingHistory").deleteAll(
-			where="userId = :userId",
-			params={userId={value=val(session.userID), cfsqltype="cf_sql_integer"}}
+			where="userId = #val(session.userID)#"
 		);
 
 		flashInsert(success="Reading history cleared");
@@ -132,16 +119,13 @@ component extends="app.Controllers.Controller" {
 			params.page = 1;
 		}
 
-		var whereClause = "userId = :userId";
-		var queryParams = {userId={value=val(session.userID), cfsqltype="cf_sql_integer"}};
+		var whereClause = "userId = #val(session.userID)#";
 		if (StructKeyExists(params, "searchTerm") && params.searchTerm != "") {
-			whereClause &= " AND Blog.title LIKE :searchTerm";
-			queryParams.searchTerm = {value="%" & params.searchTerm & "%", cfsqltype="cf_sql_varchar"};
+			whereClause &= " AND Blog.title LIKE '%#params.searchTerm#%'";
 		}
 
 		histories = model("ReadingHistory").findAll(
 			where=whereClause,
-			params=queryParams,
 			include="Blog",
 			order="lastReadAt DESC",
 			perPage=20,
@@ -162,8 +146,7 @@ component extends="app.Controllers.Controller" {
 			params.page = 1;
 		}
 
-		var whereClause = "userId = :userId";
-		var queryParams = {userId={value=val(session.userID), cfsqltype="cf_sql_integer"}};
+		var whereClause = "userId = #val(session.userID)#";
 		if (StructKeyExists(params, "status")) {
 			if (params.status == "completed") {
 				whereClause &= " AND isCompleted=1";
@@ -174,7 +157,6 @@ component extends="app.Controllers.Controller" {
 
 		histories = model("ReadingHistory").findAll(
 			where=whereClause,
-			params=queryParams,
 			include="Blog",
 			order="lastReadAt DESC",
 			perPage=20,